@mgsoftwarebv/mg-dashboard-mcp 3.5.0 → 3.6.0

package/dist/index.js

@@ -1372,6 +1372,8 @@ var TOOL_MODULE_MAP = {
   "sftp-delete": "ssh_servers",
   "docker-list": "ssh_servers",
   "docker-logs": "ssh_servers",
+  "docker-exec": "ssh_servers",
+  "docker-compose": "ssh_servers",
   "db-discover": "ssh_servers",
   "db-tables": "ssh_servers",
   "db-describe": "ssh_servers",
@@ -1819,6 +1821,28 @@ async function attemptVercelSync(appName, environment, knownStageId) {
     return `Vercel sync error: ${msg}`;
   }
 }
+function posixQuote(arg) {
+  if (arg === "") return "''";
+  if (/^[A-Za-z0-9._\/=:@%+\-]+$/.test(arg)) return arg;
+  return "'" + arg.replace(/'/g, "'\\''") + "'";
+}
+function buildPosixCommand(command, args2) {
+  const program = /^[A-Za-z0-9._\/\- ]+$/.test(command) ? command : posixQuote(command);
+  if (args2.length === 0) return program;
+  return `${program} ${args2.map(posixQuote).join(" ")}`;
+}
+function buildPowerShellEncodedCommand(command, args2) {
+  const psSingleQuote = (s) => "'" + s.replace(/'/g, "''") + "'";
+  let psExpr;
+  if (args2.length === 0) {
+    psExpr = command;
+  } else {
+    psExpr = `& ${psSingleQuote(command)} ${args2.map(psSingleQuote).join(" ")}`;
+  }
+  const utf16 = Buffer.from(psExpr, "utf16le");
+  const b64 = utf16.toString("base64");
+  return `powershell -NoProfile -NonInteractive -ExecutionPolicy Bypass -EncodedCommand ${b64}`;
+}
 var SSH_PROXY_SERVER_ID = "03659d55-e194-400d-b82a-bf6457371ded";
 var _proxyConnCache = null;
 async function getProxyConnection() {
@@ -1838,7 +1862,7 @@ async function getProxyConnection() {
 }
 async function getServerConnection(serverId) {
   assertServerAccess(serverId);
-  const { data, error } = await supabase.from("ssh_server").select("hostname, port, username, password_encrypted, ssh_key_encrypted, ssh_key_passphrase_encrypted, allowed_ssh_ips").eq("id", serverId).single();
+  const { data, error } = await supabase.from("ssh_server").select("hostname, port, username, password_encrypted, ssh_key_encrypted, ssh_key_passphrase_encrypted, allowed_ssh_ips, os_type").eq("id", serverId).single();
   if (error || !data) throw new Error(`Server not found: ${serverId}`);
   if (!encryptionKey) throw new Error("ENCRYPTION_KEY required to decrypt server credentials");
   const conn = {
@@ -1851,10 +1875,11 @@ async function getServerConnection(serverId) {
   };
   const needsProxy = data.allowed_ssh_ips !== null && serverId !== SSH_PROXY_SERVER_ID;
   const proxy = needsProxy ? await getProxyConnection() : void 0;
-  return { conn, proxy };
+  const os = data.os_type === "windows" ? "windows" : "linux";
+  return { conn, proxy, os };
 }
-async function sshExec(opts, command, proxy) {
-  if (proxy) return sshExecViaProxy(proxy, opts, command);
+async function sshExec(opts, command, proxy, options) {
+  if (proxy) return sshExecViaProxy(proxy, opts, command, options);
   return new Promise((resolve) => {
     const ssh = new Client();
     let stdout = "";
@@ -1893,6 +1918,9 @@ async function sshExec(opts, command, proxy) {
             resolve({ stdout, stderr, exitCode: code ?? 0 });
           }
         });
+        if (options?.stdin !== void 0) {
+          stream.end(options.stdin);
+        }
       });
     });
     ssh.on("error", (err) => {
@@ -1913,7 +1941,7 @@ async function sshExec(opts, command, proxy) {
     });
   });
 }
-function sshExecViaProxy(proxyOpts, targetOpts, command) {
+function sshExecViaProxy(proxyOpts, targetOpts, command, options) {
   return new Promise((resolve) => {
     const proxyClient = new Client();
     let done = false;
@@ -1967,6 +1995,9 @@ function sshExecViaProxy(proxyOpts, targetOpts, command) {
                 resolve({ stdout, stderr, exitCode: code ?? 0 });
               }
             });
+            if (options?.stdin !== void 0) {
+              stream.end(options.stdin);
+            }
           });
         });
         targetClient.on("error", (targetErr) => {
@@ -2091,8 +2122,22 @@ function assertWritablePath(path) {
     }
   }
 }
-async function sftpReaddir(opts, dirPath, proxy) {
-  const safe = sanitizePath(dirPath);
+function globToRegExp(pattern) {
+  let re = "";
+  for (const c of pattern) {
+    if (c === "*") re += ".*";
+    else if (c === "?") re += ".";
+    else if (/[.+^${}()|[\]\\]/.test(c)) re += "\\" + c;
+    else re += c;
+  }
+  return new RegExp(`^${re}$`);
+}
+async function sftpReaddir(opts, dirPath, proxy, options) {
+  const recursive = options?.recursive === true;
+  const maxDepth = Math.max(1, Math.min(20, options?.maxDepth ?? 5));
+  const maxResults = Math.max(1, Math.min(5e4, options?.maxResults ?? 5e3));
+  const matcher = options?.pattern ? globToRegExp(options.pattern) : null;
+  const rootSafe = sanitizePath(dirPath);
   let cleanup;
   try {
     const { client, cleanup: c } = await connectSshClient(opts, proxy, 3e4);
@@ -2102,7 +2147,7 @@ async function sftpReaddir(opts, dirPath, proxy) {
         cleanup?.();
         resolve("Error: timeout");
         cleanup = void 0;
-      }, 3e4);
+      }, 6e4);
       client.sftp((err, sftp) => {
         if (err) {
           clearTimeout(timer);
@@ -2111,24 +2156,48 @@ async function sftpReaddir(opts, dirPath, proxy) {
           resolve(`Error: ${err.message}`);
           return;
         }
-        sftp.readdir(safe, (err2, list) => {
-          clearTimeout(timer);
-          if (err2) {
-            cleanup?.();
-            cleanup = void 0;
-            resolve(`Error: ${err2.message}`);
-            return;
-          }
-          const entries = list.map((item) => {
-            const mode = item.attrs.mode || 0;
-            const isDir = (mode & 61440) === 16384;
-            const size = item.attrs.size || 0;
-            const mtime = item.attrs.mtime ? new Date(item.attrs.mtime * 1e3).toISOString() : "";
-            return `${isDir ? "d" : "-"} ${String(size).padStart(10)} ${mtime} ${item.filename}`;
+        const lines = [];
+        let truncated = false;
+        const readOne = (path, depth) => new Promise((resolveOne) => {
+          sftp.readdir(path, (err2, list) => {
+            if (err2) {
+              lines.push(`! error reading ${path}: ${err2.message}`);
+              return resolveOne();
+            }
+            const subdirs = [];
+            for (const item of list) {
+              if (lines.length >= maxResults) {
+                truncated = true;
+                break;
+              }
+              const mode = item.attrs.mode || 0;
+              const isDir = (mode & 61440) === 16384;
+              const size = item.attrs.size || 0;
+              const mtime = item.attrs.mtime ? new Date(item.attrs.mtime * 1e3).toISOString() : "";
+              const fullPath = path === "/" ? `/${item.filename}` : `${path}/${item.filename}`;
+              const include = !matcher || matcher.test(item.filename);
+              if (include) {
+                const display = recursive ? fullPath : item.filename;
+                lines.push(`${isDir ? "d" : "-"} ${String(size).padStart(10)} ${mtime} ${display}`);
+              }
+              if (isDir && recursive && depth < maxDepth) subdirs.push(fullPath);
+            }
+            if (truncated || subdirs.length === 0) return resolveOne();
+            (async () => {
+              for (const sub of subdirs) {
+                if (truncated) break;
+                await readOne(sub, depth + 1);
+              }
+              resolveOne();
+            })();
           });
+        });
+        readOne(rootSafe, 1).then(() => {
+          clearTimeout(timer);
           cleanup?.();
           cleanup = void 0;
-          resolve(entries.join("\n"));
+          if (truncated) lines.push(`... (truncated at ${maxResults} entries; raise maxResults or narrow path/pattern)`);
+          resolve(lines.length ? lines.join("\n") : "No entries");
         });
       });
     });
@@ -2552,12 +2621,15 @@ var TOOLS = [
   },
   {
     name: "ssh-execute",
-    description: "Execute a shell command on a remote server via SSH. Some dangerous commands are blocked for safety.",
+    description: 'Execute a command on a remote server via SSH. OS-aware: automatically wraps in bash on linux servers and `powershell -EncodedCommand` (UTF-16LE base64) on windows servers, so $, #, quotes, spaces inside `args` are never re-interpreted by a shell. Some dangerous commands are blocked. Use `list-servers` first to see each server\'s os_type.\nTwo ways to invoke (use `args` for anything with passwords or special chars):\n- Quick: `command` only, e.g. `command: "df -h"` (raw shell string, OS-dispatched but caller-quoted).\n- Safe: `command` + `args[]`, e.g. `command: "mysql"`, `args: ["-u", "root", "-p$tr@nge#pwd", "-e", "SELECT 1"]` \u2014 every arg is quoted/encoded for the target OS.\n`stdin` lets you pipe data into the remote process (queries, scripts, secrets) without putting it on the command line.',
     inputSchema: {
       type: "object",
       properties: {
         serverId: { type: "string", description: "UUID of the SSH server" },
-        command: { type: "string", description: "Shell command to execute" },
+        command: { type: "string", description: 'Program/command to run (e.g. "mysql", "Get-Service", "df"). Required.' },
+        args: { type: "array", items: { type: "string" }, description: "Optional argv list. When provided, each entry is safely quoted/encoded for the target OS." },
+        stdin: { type: "string", description: "Optional data piped to the remote process stdin (use for SQL queries, scripts, secrets \u2014 anything you do NOT want on the command line)." },
+        shell: { type: "string", enum: ["auto", "bash", "powershell"], description: `Override shell selection (default "auto" uses the server's os_type).` },
         timeout: { type: "number", description: "Timeout in milliseconds (default: 60000)" }
       },
       required: ["serverId", "command"]
@@ -2565,12 +2637,16 @@ var TOOLS = [
   },
   {
     name: "sftp-list",
-    description: "List files and directories at a given path on a remote server via SFTP.",
+    description: 'List files and directories on a remote server via SFTP. Supports recursive traversal and glob filtering, eliminating the need to fall back on `ssh-execute "find ..."`.',
     inputSchema: {
       type: "object",
       properties: {
         serverId: { type: "string", description: "UUID of the SSH server" },
-        path: { type: "string", description: "Directory path to list (default: /)" }
+        path: { type: "string", description: "Directory path to list (default: /)" },
+        recursive: { type: "boolean", description: "Walk into subdirectories (default false)" },
+        maxDepth: { type: "number", description: "Maximum recursion depth (1-20, default 5)" },
+        pattern: { type: "string", description: 'Glob pattern to filter filenames (e.g. "*.conf", "wp-*.php"). Matches basename only.' },
+        maxResults: { type: "number", description: "Cap total entries returned (default 5000, max 50000)" }
       },
       required: ["serverId"]
     }
@@ -2615,28 +2691,66 @@ var TOOLS = [
   },
   {
     name: "docker-list",
-    description: "List all Docker containers on a remote server (running and stopped).",
+    description: "List Docker containers on a remote server. Adds the docker-compose project label as the last column so you can immediately see which compose project a container belongs to.",
     inputSchema: {
       type: "object",
       properties: {
-        serverId: { type: "string", description: "UUID of the SSH server" }
+        serverId: { type: "string", description: "UUID of the SSH server" },
+        format: { type: "string", enum: ["table", "json"], description: "Output format: human table (default) or NDJSON (one JSON object per line, includes labels)." },
+        composeOnly: { type: "boolean", description: "Only show containers that have a docker-compose project label." }
       },
       required: ["serverId"]
     }
   },
   {
     name: "docker-logs",
-    description: "Get recent logs from a Docker container.",
+    description: "Get logs from a Docker container. Supports time-window (`since`) and server-side `grep` to keep responses small. Always merges stderr into stdout.",
     inputSchema: {
       type: "object",
       properties: {
         serverId: { type: "string", description: "UUID of the SSH server" },
         containerName: { type: "string", description: "Container name or ID" },
-        lines: { type: "number", description: "Number of log lines to retrieve (default: 100)" }
+        lines: { type: "number", description: "Number of log lines to retrieve (default: 100)" },
+        since: { type: "string", description: 'Time window, e.g. "10m", "2h", "24h", or an absolute "2026-05-09T10:00:00".' },
+        grep: { type: "string", description: "Case-insensitive regex/literal filter applied server-side (saves tokens for noisy containers)." }
       },
       required: ["serverId", "containerName"]
     }
   },
+  {
+    name: "docker-exec",
+    description: 'Run a command inside a running Docker container. `args[]` are quoted safely (no shell-escape hell with $ or quotes). Optional `stdin` pipes data into the container process (for SQL, scripts, etc.). Use this instead of `ssh-execute "docker exec ..."`.',
+    inputSchema: {
+      type: "object",
+      properties: {
+        serverId: { type: "string", description: "UUID of the SSH server" },
+        container: { type: "string", description: "Container name or ID" },
+        command: { type: "string", description: 'Program to run inside the container (e.g. "psql", "wp", "node").' },
+        args: { type: "array", items: { type: "string" }, description: "Argument list, each safely quoted." },
+        stdin: { type: "string", description: "Optional data piped to the container process stdin." },
+        workdir: { type: "string", description: "Working directory inside the container (-w)." },
+        user: { type: "string", description: "User to run as inside the container (-u)." },
+        timeout: { type: "number", description: "Timeout in milliseconds (default: 60000)" }
+      },
+      required: ["serverId", "container", "command"]
+    }
+  },
+  {
+    name: "docker-compose",
+    description: 'Run a docker-compose action against a project on a remote server. Replaces the common `ssh-execute "cd /opt/x && docker compose ..."` pattern. Action enum keeps the surface tiny.',
+    inputSchema: {
+      type: "object",
+      properties: {
+        serverId: { type: "string", description: "UUID of the SSH server" },
+        projectPath: { type: "string", description: "Absolute path to the directory containing docker-compose.yml." },
+        action: { type: "string", enum: ["up", "down", "restart", "logs", "ps", "pull", "build"], description: "Compose action." },
+        service: { type: "string", description: 'Optional service name to scope the action to (e.g. "studio"). Omit to act on the whole project.' },
+        tail: { type: "number", description: "For `logs`: number of lines (default 200)." },
+        timeout: { type: "number", description: "Timeout in milliseconds (default: 120000 \u2014 compose ops can be slow)." }
+      },
+      required: ["serverId", "projectPath", "action"]
+    }
+  },
   {
     name: "db-discover",
     description: "Scan /var/www on a server for web applications (WordPress, PrestaShop, Laravel, .env) and list their database credentials. Use this first to find available sites before running other db-* tools.",
@@ -2888,10 +3002,22 @@ async function executeToolCall(name, a, _serverId) {
       case "ssh-execute": {
         const command = String(a.command);
         assertSafeCommand(command);
-        const { conn, proxy } = await getServerConnection(String(a.serverId));
+        const args2 = Array.isArray(a.args) ? a.args.map(String) : void 0;
+        const stdin = typeof a.stdin === "string" ? a.stdin : void 0;
+        const shellOverride = typeof a.shell === "string" ? a.shell : "auto";
+        const { conn, proxy, os } = await getServerConnection(String(a.serverId));
         if (a.timeout) conn.timeout = Number(a.timeout);
-        const result = await sshExec(conn, command, proxy);
-        const output = [`Exit code: ${result.exitCode}`];
+        const shell = shellOverride === "auto" ? os === "windows" ? "powershell" : "bash" : shellOverride;
+        let finalCmd;
+        if (args2 && args2.length > 0) {
+          finalCmd = shell === "powershell" ? buildPowerShellEncodedCommand(command, args2) : buildPosixCommand(command, args2);
+        } else if (shell === "powershell" && !/^powershell\b/i.test(command.trim())) {
+          finalCmd = buildPowerShellEncodedCommand(command, []);
+        } else {
+          finalCmd = command;
+        }
+        const result = await sshExec(conn, finalCmd, proxy, stdin !== void 0 ? { stdin } : void 0);
+        const output = [`Exit code: ${result.exitCode} (os: ${os}, shell: ${shell})`];
         if (result.stdout) output.push(`--- stdout ---
 ${result.stdout}`);
         if (result.stderr) output.push(`--- stderr ---
@@ -2901,7 +3027,12 @@ ${result.stderr}`);
       // ----- SFTP -----
       case "sftp-list": {
         const { conn, proxy } = await getServerConnection(String(a.serverId));
-        const listing = await sftpReaddir(conn, String(a.path || "/"), proxy);
+        const listing = await sftpReaddir(conn, String(a.path || "/"), proxy, {
+          recursive: a.recursive === true,
+          maxDepth: typeof a.maxDepth === "number" ? a.maxDepth : void 0,
+          pattern: typeof a.pattern === "string" ? a.pattern : void 0,
+          maxResults: typeof a.maxResults === "number" ? a.maxResults : void 0
+        });
         return { content: [{ type: "text", text: listing }] };
       }
       case "sftp-read": {
@@ -2922,16 +3053,109 @@ ${result.stderr}`);
       }
       // ----- Docker -----
       case "docker-list": {
+        const format = a.format === "json" ? "json" : "table";
+        const composeOnly = a.composeOnly === true;
+        const filterArg = composeOnly ? ' --filter "label=com.docker.compose.project"' : "";
+        const fmtArg = format === "json" ? ` --format '{{json .}}'` : (
+          // Add the compose project as the last column. Docker's --format
+          // template language uses {{ index .Labels "key" }} for label lookup.
+          ` --format 'table {{.Names}}	{{.Image}}	{{.Status}}	{{.Ports}}	{{ index .Labels "com.docker.compose.project" }}'`
+        );
+        const cmd = `docker ps -a${filterArg}${fmtArg}`;
         const { conn, proxy } = await getServerConnection(String(a.serverId));
-        const result = await sshExec(conn, 'docker ps -a --format "table {{.Names}}	{{.Image}}	{{.Status}}	{{.Ports}}"', proxy);
+        const result = await sshExec(conn, cmd, proxy);
         return { content: [{ type: "text", text: result.exitCode === 0 ? result.stdout : `Error: ${result.stderr}` }] };
       }
       case "docker-logs": {
         const container = String(a.containerName).replace(/[^a-zA-Z0-9._-]/g, "");
         const lines = Number(a.lines) || 100;
+        const sinceRaw = typeof a.since === "string" ? a.since.trim() : "";
+        const grepRaw = typeof a.grep === "string" ? a.grep : "";
+        let sinceArg = "";
+        if (sinceRaw) {
+          if (!/^\d+[smhd]$/i.test(sinceRaw) && !/^\d{4}-\d{2}-\d{2}/.test(sinceRaw)) {
+            return { content: [{ type: "text", text: 'Error: invalid `since` format (expected e.g. "10m", "2h", or ISO timestamp)' }] };
+          }
+          sinceArg = ` --since ${posixQuote(sinceRaw)}`;
+        }
+        const grepSuffix = grepRaw ? ` | grep -i -E ${posixQuote(grepRaw)}` : "";
+        const cmd = `docker logs --tail ${lines}${sinceArg} ${container} 2>&1${grepSuffix}`;
         const { conn, proxy } = await getServerConnection(String(a.serverId));
-        const result = await sshExec(conn, `docker logs --tail ${lines} ${container} 2>&1`, proxy);
-        return { content: [{ type: "text", text: result.exitCode === 0 ? result.stdout : `Error: ${result.stderr}` }] };
+        const result = await sshExec(conn, cmd, proxy);
+        if (result.exitCode !== 0 && !(grepRaw && result.exitCode === 1)) {
+          return { content: [{ type: "text", text: `Error (exit ${result.exitCode}): ${result.stderr || result.stdout}` }] };
+        }
+        return { content: [{ type: "text", text: result.stdout || "(no log lines matched)" }] };
+      }
+      case "docker-exec": {
+        const container = String(a.container).replace(/[^a-zA-Z0-9._-]/g, "");
+        if (!container) return { content: [{ type: "text", text: "Error: invalid container name" }] };
+        const command = String(a.command);
+        const args2 = Array.isArray(a.args) ? a.args.map(String) : [];
+        const stdin = typeof a.stdin === "string" ? a.stdin : void 0;
+        const workdir = typeof a.workdir === "string" && a.workdir ? ["-w", a.workdir] : [];
+        const user = typeof a.user === "string" && a.user ? ["-u", a.user] : [];
+        const stdinFlag = stdin !== void 0 ? ["-i"] : [];
+        const dockerArgs = [...stdinFlag, ...workdir, ...user, container, command, ...args2];
+        const fullCmd = buildPosixCommand("docker", ["exec", ...dockerArgs]);
+        const { conn, proxy } = await getServerConnection(String(a.serverId));
+        if (a.timeout) conn.timeout = Number(a.timeout);
+        const result = await sshExec(conn, fullCmd, proxy, stdin !== void 0 ? { stdin } : void 0);
+        const output = [`Exit code: ${result.exitCode}`];
+        if (result.stdout) output.push(`--- stdout ---
+${result.stdout}`);
+        if (result.stderr) output.push(`--- stderr ---
+${result.stderr}`);
+        return { content: [{ type: "text", text: output.join("\n") }] };
+      }
+      case "docker-compose": {
+        const projectPath = String(a.projectPath);
+        if (!projectPath || !projectPath.startsWith("/")) {
+          return { content: [{ type: "text", text: "Error: projectPath must be an absolute path" }] };
+        }
+        const action = String(a.action);
+        const allowedActions = ["up", "down", "restart", "logs", "ps", "pull", "build"];
+        if (!allowedActions.includes(action)) {
+          return { content: [{ type: "text", text: `Error: invalid action (allowed: ${allowedActions.join(", ")})` }] };
+        }
+        const service = typeof a.service === "string" && a.service ? a.service : "";
+        const tail = Number(a.tail) > 0 ? Number(a.tail) : 200;
+        let composeArgs;
+        switch (action) {
+          case "up":
+            composeArgs = service ? ["up", "-d", service] : ["up", "-d"];
+            break;
+          case "down":
+            composeArgs = service ? ["down", service] : ["down"];
+            break;
+          case "restart":
+            composeArgs = service ? ["restart", service] : ["restart"];
+            break;
+          case "logs":
+            composeArgs = service ? ["logs", "--no-color", `--tail=${tail}`, service] : ["logs", "--no-color", `--tail=${tail}`];
+            break;
+          case "ps":
+            composeArgs = service ? ["ps", service] : ["ps"];
+            break;
+          case "pull":
+            composeArgs = service ? ["pull", service] : ["pull"];
+            break;
+          case "build":
+            composeArgs = service ? ["build", service] : ["build"];
+            break;
+          default:
+            composeArgs = [];
+        }
+        const composeCmd = buildPosixCommand("docker", ["compose", ...composeArgs]);
+        const fullCmd = `cd ${posixQuote(projectPath)} && ${composeCmd} 2>&1`;
+        const { conn, proxy } = await getServerConnection(String(a.serverId));
+        conn.timeout = Number(a.timeout) > 0 ? Number(a.timeout) : 12e4;
+        const result = await sshExec(conn, fullCmd, proxy);
+        const output = [`Exit code: ${result.exitCode} (compose ${action}${service ? ` ${service}` : ""} @ ${projectPath})`];
+        if (result.stdout) output.push(result.stdout);
+        if (result.stderr) output.push(`--- stderr ---
+${result.stderr}`);
+        return { content: [{ type: "text", text: output.join("\n") }] };
       }
       // ----- Database -----
       case "db-discover": {